22use Luracast\Restler\RestException;
24require_once DOL_DOCUMENT_ROOT.
'/main.inc.php';
25require_once DOL_DOCUMENT_ROOT.
'/api/class/api.class.php';
26require_once DOL_DOCUMENT_ROOT.
'/core/lib/files.lib.php';
62 public function index($modulepart, $original_file =
'')
66 if (empty($modulepart)) {
67 throw new RestException(400,
'bad value for parameter modulepart');
69 if (empty($original_file)) {
70 throw new RestException(400,
'bad value for parameter original_file');
74 $entity = $conf->entity;
85 $relativefile = $original_file;
88 $accessallowed = $check_access[
'accessallowed'];
89 $sqlprotectagainstexternals = $check_access[
'sqlprotectagainstexternals'];
90 $original_file = $check_access[
'original_file'];
92 if (preg_match(
'/\.\./', $original_file) || preg_match(
'/[<>|]/', $original_file)) {
93 throw new RestException(403);
95 if (!$accessallowed) {
96 throw new RestException(403);
99 $filename = basename($original_file);
100 $original_file_osencoded =
dol_osencode($original_file);
102 if (!file_exists($original_file_osencoded)) {
103 dol_syslog(
"Try to download not found file ".$original_file_osencoded, LOG_WARNING);
104 throw new RestException(404,
'File not found');
107 $file_content = file_get_contents($original_file_osencoded);
108 return array(
'filename'=>$filename,
'content-type' =>
dol_mimetype($filename),
'filesize'=>filesize($original_file),
'content'=>base64_encode($file_content),
'encoding'=>
'base64');
133 public function builddoc($modulepart, $original_file =
'', $doctemplate =
'', $langcode =
'')
135 global $conf, $langs;
137 if (empty($modulepart)) {
138 throw new RestException(400,
'bad value for parameter modulepart');
140 if (empty($original_file)) {
141 throw new RestException(400,
'bad value for parameter original_file');
144 $outputlangs = $langs;
145 if ($langcode && $langs->defaultlang != $langcode) {
147 $outputlangs->setDefaultLang($langcode);
151 $entity = $conf->entity;
162 $relativefile = $original_file;
165 $accessallowed = $check_access[
'accessallowed'];
166 $sqlprotectagainstexternals = $check_access[
'sqlprotectagainstexternals'];
167 $original_file = $check_access[
'original_file'];
169 if (preg_match(
'/\.\./', $original_file) || preg_match(
'/[<>|]/', $original_file)) {
170 throw new RestException(403);
172 if (!$accessallowed) {
173 throw new RestException(403);
183 if ($modulepart ==
'facture' || $modulepart ==
'invoice') {
184 require_once DOL_DOCUMENT_ROOT.
'/compta/facture/class/facture.class.php';
185 $tmpobject =
new Facture($this->db);
186 $result = $tmpobject->fetch(0, preg_replace(
'/\.[^\.]+$/',
'', basename($original_file)));
188 throw new RestException(404,
'Invoice not found');
191 $templateused = $doctemplate ? $doctemplate : $tmpobject->model_pdf;
192 $result = $tmpobject->generateDocument($templateused, $outputlangs, $hidedetails, $hidedesc, $hideref);
194 throw new RestException(500,
'Error generating document');
196 } elseif ($modulepart ==
'facture_fournisseur' || $modulepart ==
'invoice_supplier') {
197 require_once DOL_DOCUMENT_ROOT .
'/fourn/class/fournisseur.facture.class.php';
199 $result = $tmpobject->fetch(0, preg_replace(
'/\.[^\.]+$/',
'', basename($original_file)));
201 throw new RestException(404,
'Supplier invoice not found');
204 $templateused = $doctemplate ? $doctemplate : $tmpobject->model_pdf;
205 $result = $tmpobject->generateDocument($templateused, $outputlangs, $hidedetails, $hidedesc, $hideref);
207 throw new RestException(500,
'Error generating document');
209 } elseif ($modulepart ==
'commande' || $modulepart ==
'order') {
210 require_once DOL_DOCUMENT_ROOT.
'/commande/class/commande.class.php';
211 $tmpobject =
new Commande($this->db);
212 $result = $tmpobject->fetch(0, preg_replace(
'/\.[^\.]+$/',
'', basename($original_file)));
214 throw new RestException(404,
'Order not found');
216 $templateused = $doctemplate ? $doctemplate : $tmpobject->model_pdf;
217 $result = $tmpobject->generateDocument($templateused, $outputlangs, $hidedetails, $hidedesc, $hideref);
219 throw new RestException(500,
'Error generating document');
221 } elseif ($modulepart ==
'propal' || $modulepart ==
'proposal') {
222 require_once DOL_DOCUMENT_ROOT.
'/comm/propal/class/propal.class.php';
223 $tmpobject =
new Propal($this->db);
224 $result = $tmpobject->fetch(0, preg_replace(
'/\.[^\.]+$/',
'', basename($original_file)));
226 throw new RestException(404,
'Proposal not found');
228 $templateused = $doctemplate ? $doctemplate : $tmpobject->model_pdf;
229 $result = $tmpobject->generateDocument($templateused, $outputlangs, $hidedetails, $hidedesc, $hideref);
231 throw new RestException(500,
'Error generating document');
233 } elseif ($modulepart ==
'contrat' || $modulepart ==
'contract') {
234 require_once DOL_DOCUMENT_ROOT .
'/contrat/class/contrat.class.php';
236 $tmpobject =
new Contrat($this->db);
237 $result = $tmpobject->fetch(0, preg_replace(
'/\.[^\.]+$/',
'', basename($original_file)));
240 throw new RestException(404,
'Contract not found');
243 $templateused = $doctemplate ? $doctemplate : $tmpobject->model_pdf;
244 $result = $tmpobject->generateDocument($templateused, $outputlangs, $hidedetails, $hidedesc, $hideref);
247 throw new RestException(500,
'Error generating document missing doctemplate parameter');
249 } elseif ($modulepart ==
'expedition' || $modulepart ==
'shipment') {
250 require_once DOL_DOCUMENT_ROOT .
'/expedition/class/expedition.class.php';
253 $result = $tmpobject->fetch(0, preg_replace(
'/\.[^\.]+$/',
'', basename($original_file)));
256 throw new RestException(404,
'Shipment not found');
259 $templateused = $doctemplate ? $doctemplate : $tmpobject->model_pdf;
260 $result = $tmpobject->generateDocument($templateused, $outputlangs, $hidedetails, $hidedesc, $hideref);
263 throw new RestException(500,
'Error generating document missing doctemplate parameter');
265 } elseif ($modulepart ==
'mrp') {
266 require_once DOL_DOCUMENT_ROOT .
'/mrp/class/mo.class.php';
268 $tmpobject =
new Mo($this->db);
269 $result = $tmpobject->fetch(0, preg_replace(
'/\.[^\.]+$/',
'', basename($original_file)));
272 throw new RestException(404,
'MO not found');
275 $templateused = $doctemplate ? $doctemplate : $tmpobject->model_pdf;
276 $result = $tmpobject->generateDocument($templateused, $outputlangs, $hidedetails, $hidedesc, $hideref);
279 throw new RestException(500,
'Error generating document missing doctemplate parameter');
282 throw new RestException(403,
'Generation not available for this modulepart');
285 $filename = basename($original_file);
286 $original_file_osencoded =
dol_osencode($original_file);
288 if (!file_exists($original_file_osencoded)) {
289 throw new RestException(404,
'File not found');
292 $file_content = file_get_contents($original_file_osencoded);
293 return array(
'filename'=>$filename,
'content-type' =>
dol_mimetype($filename),
'filesize'=>filesize($original_file),
'content'=>base64_encode($file_content),
'langcode'=>$outputlangs->defaultlang,
'template'=>$templateused,
'encoding'=>
'base64');
320 if (empty($modulepart)) {
321 throw new RestException(400,
'bad value for parameter modulepart');
324 if (empty(
$id) && empty($ref)) {
325 throw new RestException(400,
'bad value for parameter id or ref');
332 if ($modulepart ==
'societe' || $modulepart ==
'thirdparty') {
333 require_once DOL_DOCUMENT_ROOT.
'/societe/class/societe.class.php';
335 if (!DolibarrApiAccess::$user->hasRight(
'societe',
'lire')) {
336 throw new RestException(403);
342 throw new RestException(404,
'Thirdparty not found');
345 $upload_dir = $conf->societe->multidir_output[
$object->entity].
"/".
$object->id;
346 } elseif ($modulepart ==
'user') {
347 require_once DOL_DOCUMENT_ROOT.
'/user/class/user.class.php';
350 if (!DolibarrApiAccess::$user->hasRight(
'user',
'user',
'lire') && DolibarrApiAccess::$user->
id !=
$id) {
351 throw new RestException(403);
357 throw new RestException(404,
'User not found');
361 } elseif ($modulepart ==
'adherent' || $modulepart ==
'member') {
362 require_once DOL_DOCUMENT_ROOT.
'/adherents/class/adherent.class.php';
364 if (!DolibarrApiAccess::$user->hasRight(
'adherent',
'lire')) {
365 throw new RestException(403);
371 throw new RestException(404,
'Member not found');
374 $upload_dir = $conf->adherent->dir_output.
"/".
get_exdir(0, 0, 0, 1,
$object,
'member');
375 } elseif ($modulepart ==
'propal' || $modulepart ==
'proposal') {
376 require_once DOL_DOCUMENT_ROOT.
'/comm/propal/class/propal.class.php';
378 if (!DolibarrApiAccess::$user->hasRight(
'propal',
'lire')) {
379 throw new RestException(403);
385 throw new RestException(404,
'Proposal not found');
389 } elseif ($modulepart ==
'supplier_proposal') {
390 require_once DOL_DOCUMENT_ROOT.
'/supplier_proposal/class/supplier_proposal.class.php';
392 if (!DolibarrApiAccess::$user->hasRight(
'supplier_proposal',
'read')) {
393 throw new RestException(403);
399 throw new RestException(404,
'Supplier proposal not found');
403 } elseif ($modulepart ==
'commande' || $modulepart ==
'order') {
404 require_once DOL_DOCUMENT_ROOT.
'/commande/class/commande.class.php';
406 if (!DolibarrApiAccess::$user->hasRight(
'commande',
'lire')) {
407 throw new RestException(403);
413 throw new RestException(404,
'Order not found');
416 $upload_dir = $conf->commande->dir_output.
"/".
get_exdir(0, 0, 0, 1,
$object,
'commande');
417 } elseif ($modulepart ==
'commande_fournisseur' || $modulepart ==
'supplier_order') {
418 $modulepart =
'supplier_order';
420 require_once DOL_DOCUMENT_ROOT.
'/fourn/class/fournisseur.commande.class.php';
422 if (!DolibarrApiAccess::$user->hasRight(
'fournisseur',
'commande',
'lire') && !DolibarrApiAccess::$user->hasRight(
'supplier_order',
'lire')) {
423 throw new RestException(403);
429 throw new RestException(404,
'Purchase order not found');
433 } elseif ($modulepart ==
'shipment' || $modulepart ==
'expedition') {
434 require_once DOL_DOCUMENT_ROOT.
'/expedition/class/expedition.class.php';
436 if (!DolibarrApiAccess::$user->hasRight(
'expedition',
'lire')) {
437 throw new RestException(403);
443 throw new RestException(404,
'Shipment not found');
446 $upload_dir = $conf->expedition->dir_output.
"/sending/".
get_exdir(0, 0, 0, 1,
$object,
'shipment');
447 } elseif ($modulepart ==
'facture' || $modulepart ==
'invoice') {
448 require_once DOL_DOCUMENT_ROOT.
'/compta/facture/class/facture.class.php';
450 if (!DolibarrApiAccess::$user->hasRight(
'facture',
'lire')) {
451 throw new RestException(403);
457 throw new RestException(404,
'Invoice not found');
460 $upload_dir = $conf->facture->dir_output.
"/".
get_exdir(0, 0, 0, 1,
$object,
'invoice');
461 } elseif ($modulepart ==
'facture_fournisseur' || $modulepart ==
'supplier_invoice') {
462 $modulepart =
'supplier_invoice';
464 require_once DOL_DOCUMENT_ROOT.
'/fourn/class/fournisseur.facture.class.php';
466 if (!DolibarrApiAccess::$user->hasRight(
'fournisseur',
'facture',
'lire') && !DolibarrApiAccess::$user->hasRight(
'supplier_invoice',
'lire')) {
467 throw new RestException(403);
473 throw new RestException(404,
'Invoice not found');
476 $upload_dir = $conf->fournisseur->dir_output.
"/facture/".
get_exdir(
$object->id, 2, 0, 0,
$object,
'invoice_supplier').dol_sanitizeFileName(
$object->ref);
477 } elseif ($modulepart ==
'produit' || $modulepart ==
'product') {
478 require_once DOL_DOCUMENT_ROOT.
'/product/class/product.class.php';
480 if (!DolibarrApiAccess::$user->hasRight(
'produit',
'lire')) {
481 throw new RestException(403);
487 throw new RestException(404,
'Product not found');
488 } elseif ($result < 0) {
489 throw new RestException(500,
'Error while fetching object: '.
$object->error);
493 } elseif ($modulepart ==
'agenda' || $modulepart ==
'action' || $modulepart ==
'event') {
494 require_once DOL_DOCUMENT_ROOT.
'/comm/action/class/actioncomm.class.php';
496 if (!DolibarrApiAccess::$user->hasRight(
'agenda',
'myactions',
'read') && !DolibarrApiAccess::$user->hasRight(
'agenda',
'allactions',
'read')) {
497 throw new RestException(403);
503 throw new RestException(404,
'Event not found');
507 } elseif ($modulepart ==
'expensereport') {
508 require_once DOL_DOCUMENT_ROOT.
'/expensereport/class/expensereport.class.php';
510 if (!DolibarrApiAccess::$user->hasRight(
'expensereport',
'read') && !DolibarrApiAccess::$user->hasRight(
'expensereport',
'read')) {
511 throw new RestException(403);
517 throw new RestException(404,
'Expense report not found');
521 } elseif ($modulepart ==
'knowledgemanagement') {
522 require_once DOL_DOCUMENT_ROOT.
'/knowledgemanagement/class/knowledgerecord.class.php';
524 if (!DolibarrApiAccess::$user->hasRight(
'knowledgemanagement',
'knowledgerecord',
'read') && !DolibarrApiAccess::$user->hasRight(
'knowledgemanagement',
'knowledgerecord',
'read')) {
525 throw new RestException(403);
531 throw new RestException(404,
'KM article not found');
535 } elseif ($modulepart ==
'categorie' || $modulepart ==
'category') {
536 require_once DOL_DOCUMENT_ROOT.
'/categories/class/categorie.class.php';
538 if (!DolibarrApiAccess::$user->hasRight(
'categorie',
'lire')) {
539 throw new RestException(403);
545 throw new RestException(404,
'Category not found');
549 } elseif ($modulepart ==
'ecm') {
550 throw new RestException(500,
'Modulepart Ecm not implemented yet.');
565 } elseif ($modulepart ==
'contrat' || $modulepart ==
'contract') {
566 $modulepart =
'contrat';
567 require_once DOL_DOCUMENT_ROOT .
'/contrat/class/contrat.class.php';
572 throw new RestException(404,
'Contract not found');
575 $upload_dir = $conf->contrat->dir_output .
"/" .
get_exdir(0, 0, 0, 1,
$object,
'contract');
576 } elseif ($modulepart ==
'projet' || $modulepart ==
'project') {
577 $modulepart =
'project';
578 require_once DOL_DOCUMENT_ROOT .
'/projet/class/project.class.php';
583 throw new RestException(404,
'Project not found');
586 $upload_dir = $conf->projet->dir_output .
"/" .
get_exdir(0, 0, 0, 1,
$object,
'project');
587 } elseif ($modulepart ==
'mrp') {
589 require_once DOL_DOCUMENT_ROOT .
'/mrp/class/mo.class.php';
594 throw new RestException(404,
'MO not found');
597 $upload_dir = $conf->mrp->dir_output .
"/" .
get_exdir(0, 0, 0, 1,
$object,
'mrp');
599 throw new RestException(500,
'Modulepart '.$modulepart.
' not implemented yet.');
602 $objectType = $modulepart;
604 $objectType =
$object->table_element;
607 $filearray =
dol_dir_list($upload_dir, $type, $recursive,
'',
'(\.meta|_preview.*\.png)$', $sortfield, (strtolower($sortorder) ==
'desc' ? SORT_DESC : SORT_ASC), 1);
608 if (empty($filearray)) {
609 throw new RestException(404,
'Search for modulepart '.$modulepart.
' with Id '.
$object->id.(!empty(
$object->ref) ?
' or Ref '.$object->ref :
'').
' does not return any document.');
611 if ((
$object->id) > 0 && !empty($modulepart)) {
612 require_once DOL_DOCUMENT_ROOT.
'/ecm/class/ecmfiles.class.php';
614 $result = $ecmfile->fetchAll(
'',
'', 0, 0, array(
't.src_object_type' => $objectType,
't.src_object_id' =>
$object->id));
616 throw new RestException(503,
'Error when retrieve ecm list : '.$this->db->lasterror());
617 } elseif (is_array($ecmfile->lines) && count($ecmfile->lines) > 0) {
618 $count = count($filearray);
619 for ($i = 0 ; $i < $count ; $i++) {
620 foreach ($ecmfile->lines as $line) {
621 if ($filearray[$i][
'name'] == $line->filename) {
622 $filearray[$i] = array_merge($filearray[$i], (array) $line);
677 public function post($filename, $modulepart, $ref =
'', $subdir =
'', $filecontent =
'', $fileencoding =
'', $overwriteifexists = 0, $createdirifnotexists = 1, $position = 0, $cover =
'', $array_options = [])
681 $modulepartorig = $modulepart;
683 if (empty($modulepart)) {
684 throw new RestException(400,
'Modulepart not provided.');
687 $newfilecontent =
'';
688 if (empty($fileencoding)) {
689 $newfilecontent = $filecontent;
691 if ($fileencoding ==
'base64') {
692 $newfilecontent = base64_decode($filecontent);
699 $entity = DolibarrApiAccess::$user->entity;
700 if (empty($entity)) {
708 if ($modulepart ==
'facture' || $modulepart ==
'invoice') {
709 $modulepart =
'facture';
711 require_once DOL_DOCUMENT_ROOT.
'/compta/facture/class/facture.class.php';
713 } elseif ($modulepart ==
'facture_fournisseur' || $modulepart ==
'supplier_invoice') {
714 $modulepart =
'supplier_invoice';
716 require_once DOL_DOCUMENT_ROOT.
'/fourn/class/fournisseur.facture.class.php';
718 } elseif ($modulepart ==
'commande' || $modulepart ==
'order') {
719 $modulepart =
'commande';
721 require_once DOL_DOCUMENT_ROOT.
'/commande/class/commande.class.php';
723 } elseif ($modulepart ==
'commande_fournisseur' || $modulepart ==
'supplier_order') {
724 $modulepart =
'supplier_order';
726 require_once DOL_DOCUMENT_ROOT.
'/fourn/class/fournisseur.commande.class.php';
728 } elseif ($modulepart ==
'projet' || $modulepart ==
'project') {
729 require_once DOL_DOCUMENT_ROOT.
'/projet/class/project.class.php';
731 } elseif ($modulepart ==
'task' || $modulepart ==
'project_task') {
732 $modulepart =
'project_task';
734 require_once DOL_DOCUMENT_ROOT.
'/projet/class/task.class.php';
737 $task_result =
$object->fetch(0, $ref);
740 if ($task_result > 0) {
741 $project_result =
$object->fetch_projet();
743 if ($project_result >= 0) {
747 throw new RestException(500,
'Error while fetching Task '.$ref);
749 } elseif ($modulepart ==
'product' || $modulepart ==
'produit' || $modulepart ==
'service' || $modulepart ==
'produit|service') {
750 require_once DOL_DOCUMENT_ROOT.
'/product/class/product.class.php';
752 } elseif ($modulepart ==
'expensereport') {
753 require_once DOL_DOCUMENT_ROOT.
'/expensereport/class/expensereport.class.php';
755 } elseif ($modulepart ==
'fichinter') {
756 require_once DOL_DOCUMENT_ROOT.
'/fichinter/class/fichinter.class.php';
758 } elseif ($modulepart ==
'adherent' || $modulepart ==
'member') {
759 $modulepart =
'adherent';
760 require_once DOL_DOCUMENT_ROOT.
'/adherents/class/adherent.class.php';
762 } elseif ($modulepart ==
'proposal' || $modulepart ==
'propal' || $modulepart ==
'propale') {
763 $modulepart =
'propale';
764 require_once DOL_DOCUMENT_ROOT.
'/comm/propal/class/propal.class.php';
766 } elseif ($modulepart ==
'agenda' || $modulepart ==
'action' || $modulepart ==
'event') {
767 $modulepart =
'agenda';
768 require_once DOL_DOCUMENT_ROOT .
'/comm/action/class/actioncomm.class.php';
770 } elseif ($modulepart ==
'contact' || $modulepart ==
'socpeople') {
771 $modulepart =
'contact';
772 require_once DOL_DOCUMENT_ROOT.
'/contact/class/contact.class.php';
775 } elseif ($modulepart ==
'contrat' || $modulepart ==
'contract') {
776 $modulepart =
'contrat';
777 require_once DOL_DOCUMENT_ROOT .
'/contrat/class/contrat.class.php';
779 } elseif ($modulepart ==
'mrp') {
781 require_once DOL_DOCUMENT_ROOT .
'/mrp/class/mo.class.php';
785 throw new RestException(500,
'Modulepart '.$modulepart.
' not implemented yet.');
791 $result =
$object->fetch($ref);
793 $result =
$object->fetch(0, $ref);
797 throw new RestException(404,
"Object with ref '".$ref.
"' was not found.");
798 } elseif ($result < 0) {
799 throw new RestException(500,
'Error while fetching object: '.
$object->error);
804 throw new RestException(404,
'The object '.$modulepart.
" with ref '".$ref.
"' was not found.");
809 if ($modulepart ==
'supplier_invoice') {
814 if ($modulepart !=
'ecm') {
815 $relativefile = $tmpreldir.dol_sanitizeFileName(
$object->ref);
817 $upload_dir = $tmp[
'original_file'];
819 if (!DolibarrApiAccess::$user->hasRight(
'ecm',
'upload')) {
820 throw new RestException(403,
'Missing permission to upload files in ECM module');
822 $upload_dir = $conf->medias->multidir_output[$conf->entity];
825 if (empty($upload_dir) || $upload_dir ==
'/') {
826 throw new RestException(500,
'This value of modulepart ('.$modulepart.
') does not support yet usage of ref. Check modulepart parameter or try to use subdir parameter instead of ref.');
829 if ($modulepart ==
'invoice') {
830 $modulepart =
'facture';
832 if ($modulepart ==
'member') {
833 $modulepart =
'adherent';
837 if ($modulepart !=
'ecm') {
838 $relativefile = $subdir;
840 $upload_dir = $tmp[
'original_file'];
842 if (!DolibarrApiAccess::$user->hasRight(
'ecm',
'upload')) {
843 throw new RestException(403,
'Missing permission to upload files in ECM module');
845 $upload_dir = $conf->medias->multidir_output[$conf->entity];
848 if (empty($upload_dir) || $upload_dir ==
'/') {
849 if (!empty($tmp[
'error'])) {
850 throw new RestException(403,
'Error returned by dol_check_secure_access_document: '.$tmp[
'error']);
852 throw new RestException(400,
'This value of modulepart ('.$modulepart.
') is not allowed with this value of subdir ('.$relativefile.
')');
860 if (!empty($createdirifnotexists)) {
862 throw new RestException(500,
'Error while trying to create directory '.$upload_dir);
866 $destfile = $upload_dir.
'/'.$original_file;
867 $destfiletmp = DOL_DATA_ROOT.
'/admin/temp/'.$original_file;
872 throw new RestException(400,
'Directory does not exists : '.dirname($destfile));
875 if (!$overwriteifexists &&
dol_is_file($destfile)) {
876 throw new RestException(400,
"File with name '".$original_file.
"' already exists.");
884 $fhandle = @fopen($destfiletmp,
'w');
886 $nbofbyteswrote = fwrite($fhandle, $newfilecontent);
890 throw new RestException(500,
"Failed to open file '".$destfiletmp.
"' for write");
893 $disablevirusscan = 0;
894 $src_file = $destfiletmp;
895 $dest_file = $destfile;
899 if (empty($disablevirusscan) && file_exists($src_file)) {
901 if (count($checkvirusarray)) {
902 dol_syslog(
'Files.lib::dol_move_uploaded_file File "'.$src_file.
'" (target name "'.$dest_file.
'") KO with antivirus: errors='.implode(
',', $checkvirusarray), LOG_WARNING);
903 throw new RestException(500,
'ErrorFileIsInfectedWithAVirus: '.implode(
',', $checkvirusarray));
912 $publicmediasdirwithslash = $conf->medias->multidir_output[$conf->entity];
913 if (!preg_match(
'/\/$/', $publicmediasdirwithslash)) {
914 $publicmediasdirwithslash .=
'/';
917 if (strpos($upload_dir, $publicmediasdirwithslash) !== 0 || !
getDolGlobalInt(
"MAIN_DOCUMENT_DISABLE_NOEXE_IN_MEDIAS_DIR")) {
918 $dest_file .=
'.noexe';
924 if (preg_match(
'/^\./', basename($src_file)) || preg_match(
'/\.\./', $src_file) || preg_match(
'/[<>|]/', $src_file)) {
925 dol_syslog(
"Refused to deliver file ".$src_file, LOG_WARNING);
926 throw new RestException(500,
"Refused to deliver file ".$src_file);
931 if (preg_match(
'/^\./', basename($dest_file)) || preg_match(
'/\.\./', $dest_file) || preg_match(
'/[<>|]/', $dest_file)) {
932 dol_syslog(
"Refused to deliver file ".$dest_file, LOG_WARNING);
933 throw new RestException(500,
"Refused to deliver file ".$dest_file);
936 $moreinfo = array(
'note_private' =>
'File uploaded using API /documents from IP '.
getUserRemoteIP());
938 $moreinfo[
'src_object_type'] =
$object->table_element;
939 $moreinfo[
'src_object_id'] =
$object->id;
941 if (!empty($array_options)) {
942 $moreinfo = array_merge($moreinfo, [
"array_options" => $array_options]);
944 if (!empty($position)) {
945 $moreinfo = array_merge($moreinfo, [
"position" => $position]);
947 if (!empty($cover)) {
948 $moreinfo = array_merge($moreinfo, [
"cover" => $cover]);
952 $result =
dol_move($destfiletmp, $dest_file,
'0', $overwriteifexists, 1, 1, $moreinfo);
954 throw new RestException(500,
"Failed to move file into '".$dest_file.
"'");
975 public function delete($modulepart, $original_file)
977 global $conf, $langs;
979 if (empty($modulepart)) {
980 throw new RestException(400,
'bad value for parameter modulepart');
982 if (empty($original_file)) {
983 throw new RestException(400,
'bad value for parameter original_file');
987 $entity = $conf->entity;
998 $relativefile = $original_file;
1001 $accessallowed = $check_access[
'accessallowed'];
1002 $sqlprotectagainstexternals = $check_access[
'sqlprotectagainstexternals'];
1003 $original_file = $check_access[
'original_file'];
1005 if (preg_match(
'/\.\./', $original_file) || preg_match(
'/[<>|]/', $original_file)) {
1006 throw new RestException(403);
1008 if (!$accessallowed) {
1009 throw new RestException(403);
1012 $filename = basename($original_file);
1013 $original_file_osencoded =
dol_osencode($original_file);
1015 if (!file_exists($original_file_osencoded)) {
1016 dol_syslog(
"Try to download not found file ".$original_file_osencoded, LOG_WARNING);
1017 throw new RestException(404,
'File not found');
1020 if (@unlink($original_file_osencoded)) {
1024 'message' =>
'Document deleted'
1029 throw new RestException(403);
if( $user->socid > 0) if(! $user->hasRight('accounting', 'chartofaccount')) $object
Class to manage agenda events (actions)
Class to manage members of a foundation.
Class to manage categories.
Class to manage predefined suppliers products.
Class to manage customers orders.
API class for receive files.
post($filename, $modulepart, $ref='', $subdir='', $filecontent='', $fileencoding='', $overwriteifexists=0, $createdirifnotexists=1, $position=0, $cover='', $array_options=[])
Return a document.
__construct()
Constructor.
index($modulepart, $original_file='')
Download a document.
getDocumentsListByElement($modulepart, $id=0, $ref='', $sortfield='', $sortorder='')
Return the list of documents of a dedicated element (from its ID or Ref)
builddoc($modulepart, $original_file='', $doctemplate='', $langcode='')
Build a document.
Class to manage ECM files.
Class to manage Trips and Expenses.
Class to manage suppliers invoices.
Class to manage invoices.
Class for KnowledgeRecord.
Class to manage products or services.
Class to manage projects.
Class to manage proposals.
Class to manage third parties objects (customers, suppliers, prospects...)
Class to manage translations.
Class to manage Dolibarr users.
dol_basename($pathfile)
Make a basename working with all page code (default PHP basenamed fails with cyrillic).
dol_delete_file($file, $disableglob=0, $nophperrors=0, $nohook=0, $object=null, $allowdotdot=false, $indexdatabase=1, $nolog=0)
Remove a file or several files with a mask.
dol_move($srcfile, $destfile, $newmask='0', $overwriteifexists=1, $testvirus=0, $indexdatabase=1, $moreinfo=array())
Move a file into another name.
dol_check_secure_access_document($modulepart, $original_file, $entity, $fuser=null, $refname='', $mode='read')
Security check when accessing to a document (used by document.php, viewimage.php and webservices to g...
dol_is_file($pathoffile)
Return if path is a file.
dolCheckVirus($src_file, $dest_file='')
Check virus into a file.
dol_dir_list($utf8_path, $types="all", $recursive=0, $filter="", $excludefilter=null, $sortcriteria="name", $sortorder=SORT_ASC, $mode=0, $nohook=0, $relativename="", $donotfollowsymlinks=0, $nbsecondsold=0)
Scan a directory and return a list of files/directories.
dol_is_dir($folder)
Test if filename is a directory.
dol_mimetype($file, $default='application/octet-stream', $mode=0)
Return MIME type of a file from its name with extension.
dol_osencode($str)
Return a string encoded into OS filesystem encoding.
dolChmod($filepath, $newmask='')
Change mod of a file.
getDolGlobalInt($key, $default=0)
Return a Dolibarr global constant int value.
dol_sanitizeFileName($str, $newstr='_', $unaccent=1)
Clean a string to use it as a file name.
isAFileWithExecutableContent($filename)
Return if a file can contains executable content.
getDolGlobalString($key, $default='')
Return a Dolibarr global constant string value.
getUserRemoteIP()
Return the IP of remote user.
get_exdir($num, $level, $alpha, $withoutslash, $object, $modulepart='')
Return a path to have a the directory according to object where files are stored.
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename='', $restricttologhandler='', $logcontext=null)
Write log message into outputs.
dol_sanitizePathName($str, $newstr='_', $unaccent=1)
Clean a string to use it as a path name.
dol_mkdir($dir, $dataroot='', $newmask='')
Creation of a directory (this can create recursive subdir)